PowerShell Logo Small

Set-NetFirewallSetting



This is the built-in help made by Microsoft for the command 'Set-NetFirewallSetting', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies the global firewall settings of the target computer.

SYNTAX


Set-NetFirewallSetting [-AllowIPsecThroughNAT <IPsecThroughNAT>] [-AsJob] [-CertValidationLevel <CRLCheck>] [-CimSession <CimSession[]>] [-EnablePacketQueuing
<PacketQueuing>] [-EnableStatefulFtp <GpoBoolean>] [-EnableStatefulPptp <GpoBoolean>] [-Exemptions <TrafficExemption>] [-GPOSession <String>] [-KeyEncoding <KeyEncoding>]
[-MaxSAIdleTimeSeconds <UInt32>] [-PassThru] [-PolicyStore <String>] [-RemoteMachineTransportAuthorizationList <String>] [-RemoteMachineTunnelAuthorizationList <String>]
[-RemoteUserTransportAuthorizationList <String>] [-RemoteUserTunnelAuthorizationList <String>] [-RequireFullAuthSupport <GpoBoolean>] [-ThrottleLimit <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-NetFirewallSetting [-AllowIPsecThroughNAT <IPsecThroughNAT>] [-AsJob] [-CertValidationLevel <CRLCheck>] [-CimSession <CimSession[]>] [-EnablePacketQueuing
<PacketQueuing>] [-EnableStatefulFtp <GpoBoolean>] [-EnableStatefulPptp <GpoBoolean>] [-Exemptions <TrafficExemption>] [-KeyEncoding <KeyEncoding>] [-MaxSAIdleTimeSeconds
<UInt32>] [-PassThru] [-RemoteMachineTransportAuthorizationList <String>] [-RemoteMachineTunnelAuthorizationList <String>] [-RemoteUserTransportAuthorizationList <String>]
[-RemoteUserTunnelAuthorizationList <String>] [-RequireFullAuthSupport <GpoBoolean>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf]
[<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-NetFirewallSetting cmdlet configures properties that apply to the firewall and IPsec settings, regardless of which network profile is currently in use. This cmdlet
allows the administrator to specify global firewall behavior.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288368
Copy-NetIPsecRule
Get-NetFirewallSetting
New-NetIPsecRule
Open-NetGPO
Save-NetGPO
Set-NetIPsecRule
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>$nfSetting = Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name



PS C:\>Set-NetFirewallSetting -Exemptions RouterDiscovery -InputObject $nfSetting


This cmdlet can be run using only the pipeline.
PS C:\>Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name | Set-NetFirewallSetting -Exemptions RouterDiscovery



This example modifies the global firewall settings of a particular GPO policy store.




EXAMPLE 2

PS C:\>$computers = New-Object –Typename System.Security.Principal.NTAccount ("corp.contoso.com" "SecureMachineName1")



PS C:\>$SIDofSecureComputerGroup = $computers.Translate([System.Security.Principal.SecurityIdentifier]).Value



PS C:\>$SecureMachineGroupSDDL = "D:(A;;CC;;; $SIDofSecureComputerGroup)"



PS C:\>$nfSetting = Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name



PS C:\>Set-NetFirewallSetting –RemoteMachineTunnelAuthorizationList $SecureMachineGroupSDDL –InputObject $nfSetting


This cmdlet can be run using only the pipeline.
PS C:\>Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name | Set-NetFirewallSetting –RemoteMachineTunnelAuthorizationList $SecureMachineGroupSDDL



This example allows authorization to override the per-rule basis and to be done at the IPsec layer in a GPO.